package org.apache.jackrabbit.oak.jcr.security.authorization;

import java.security.Principal;
import java.util.UUID;
import javax.jcr.Node;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/jcr/security/authorization/InheritanceTest.class */
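/**
 * Checks the effective permissions that result when allow and deny access control
 * entries are set at different levels of a node hierarchy and for different
 * principals (the test user, groups, and the everyone principal).
 *
 * <p>Each test pins one expected evaluation outcome. The helpers ({@code allow},
 * {@code deny}, {@code privilegesFromNames}, {@code getActions},
 * {@code createGlobRestriction}) and the fixture fields ({@code path},
 * {@code childNPath}, {@code testUser}, {@code testGroup}, ...) come from
 * {@link AbstractEvaluationTest}, which is not shown in this file.
 * NOTE(review): the two-argument {@code allow}/{@code deny} overloads presumably
 * target the test user's principal, and {@code testUser} is presumably already a
 * member of {@code testGroup}; confirm against the base class.
 */
public class InheritanceTest extends AbstractEvaluationTest {
    /** Second group containing the test user; created in {@link #setUp()}, removed in {@link #tearDown()}. */
    private Group group2;

    /**
     * Creates a uniquely named group, adds the test user to it and replaces the
     * test session with a fresh one.
     *
     * <p>Decompiler note: the access modifier was changed from {@code protected}.
     *
     * @throws Exception if the fixture cannot be created
     */
    @Override // org.apache.jackrabbit.oak.jcr.security.authorization.AbstractEvaluationTest
    public void setUp() throws Exception {
        super.setUp();
        // Random suffix keeps the group id from colliding with one left over from another run.
        this.group2 = getUserManager(this.superuser).createGroup("testGroup" + UUID.randomUUID());
        this.group2.addMember(this.testUser);
        this.superuser.save();
        // Log in again after the membership change; presumably so that the session's
        // principal set includes group2 (TODO confirm against createTestSession()).
        this.testSession.logout();
        this.testSession = createTestSession();
        this.testAcMgr = this.testSession.getAccessControlManager();
    }

    /**
     * Removes the group created in {@link #setUp()} and then runs the inherited cleanup.
     *
     * <p>Decompiler note: the access modifier was changed from {@code protected}.
     *
     * @throws Exception if removing the group or the inherited cleanup fails
     */
    @Override // org.apache.jackrabbit.oak.jcr.security.authorization.AbstractEvaluationTest
    public void tearDown() throws Exception {
        try {
            // group2 is still null when setUp() failed before creating it.
            if (this.group2 != null) {
                this.group2.remove();
                this.superuser.save();
            }
        } finally {
            // Always run the inherited cleanup, even if removing the group failed, so
            // that whatever the base class set up is not left behind for later tests.
            super.tearDown();
        }
    }

    /**
     * Privileges allowed on {@code path} and on {@code childNPath} are expected to
     * add up at {@code childNPath} and to apply to a node created below it, both
     * before and after the node is saved.
     */
    @Test
    public void testInheritance() throws Exception {
        allow(this.path, privilegesFromNames(new String[]{Privilege.JCR_REMOVE_NODE, Privilege.JCR_MODIFY_PROPERTIES}));
        allow(this.childNPath, privilegesFromNames(new String[]{Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_REMOVE_CHILD_NODES}));

        // jcr:read is not granted in this test; presumably it comes from the base fixture.
        Privilege[] expected = privilegesFromNames(new String[]{
            Privilege.JCR_READ,
            Privilege.JCR_ADD_CHILD_NODES,
            Privilege.JCR_REMOVE_CHILD_NODES,
            Privilege.JCR_REMOVE_NODE,
            Privilege.JCR_MODIFY_PROPERTIES});
        assertTrue(this.testAcMgr.hasPrivileges(this.childNPath, expected));

        String readAndSetProperty = "set_property,read";
        String removeAndAddNode = "remove,add_node";
        assertTrue(this.testSession.hasPermission(this.childNPath, readAndSetProperty));
        // remove/add_node are expected to be refused for childNPath itself and granted
        // only for items below it. NOTE(review): presumably because the child-node
        // privileges were granted on childNPath and not on its parent; confirm.
        assertFalse(this.testSession.hasPermission(this.childNPath, removeAndAddNode));
        assertTrue(this.testSession.hasPermission(this.childNPath + "/anyItem", readAndSetProperty + "," + removeAndAddNode));

        // A node added through the test session gets the same effective privileges,
        // while it is still transient and after it has been saved.
        String newNodePath = this.testSession.getNode(this.childNPath).addNode(this.nodeName2).getPath();
        assertTrue(this.testAcMgr.hasPrivileges(newNodePath, expected));
        this.testSession.save();
        assertTrue(this.testAcMgr.hasPrivileges(newNodePath, expected));
    }

    /**
     * A deny on {@code childNPath} is expected to cancel jcr:write allowed on
     * {@code path}; an allow on a node below the denied one grants it again there.
     */
    @Test
    public void testInheritance2() throws Exception {
        Privilege[] write = privilegesFromNames(new String[]{Privilege.JCR_WRITE});
        allow(this.path, write);
        deny(this.childNPath, write);
        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath, write));
        assertFalse(this.testSession.hasPermission(this.childNPath + "/anyItem", getActions("set_property", "remove", "add_node")));

        // The grandchild is created by the superuser because the test session is denied write here.
        Node grandChild = this.superuser.getNode(this.childNPath).addNode(this.nodeName3);
        this.superuser.save();
        this.testSession.refresh(false);

        String grandChildPath = grandChild.getPath();
        allow(grandChildPath, write);
        assertTrue(this.testAcMgr.hasPrivileges(grandChildPath, write));
        assertTrue(this.testSession.hasPermission(grandChildPath + "/anyProp", "set_property"));
        // Removing the grandchild itself stays refused although jcr:write is allowed on it.
        // NOTE(review): presumably because of the deny on its parent childNPath; confirm.
        assertFalse(this.testSession.hasPermission(grandChildPath, "remove"));
    }

    /** A deny for everyone on the child is expected to win over a group allow on the parent. */
    @Test
    public void testInheritedGroupPermissions() throws Exception {
        allow(this.path, this.testGroup.getPrincipal(), this.modPropPrivileges);
        deny(this.childNPath, (Principal) EveryonePrincipal.getInstance(), this.modPropPrivileges);
        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath, this.modPropPrivileges));
    }

    /** A group deny on the child is expected to win over an allow for everyone on the parent. */
    @Test
    public void testInheritedGroupPermissions2() throws Exception {
        allow(this.path, (Principal) EveryonePrincipal.getInstance(), this.modPropPrivileges);
        deny(this.childNPath, this.testGroup.getPrincipal(), this.modPropPrivileges);
        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath, this.modPropPrivileges));
    }

    /**
     * Two group entries on the same node, allow first and deny second: the test
     * expects access to be refused.
     */
    @Test
    public void testMultipleGroupPermissionsOnNode() throws Exception {
        allow(this.path, this.testGroup.getPrincipal(), this.modPropPrivileges);
        deny(this.path, this.group2.getPrincipal(), this.modPropPrivileges);
        assertFalse(this.testSession.hasPermission(this.path, getActions("set_property", "read")));
        assertFalse(this.testAcMgr.hasPrivileges(this.path, this.modPropPrivileges));
    }

    /**
     * Same two group entries in the opposite order, deny first and allow second:
     * the test expects access to be granted.
     */
    @Test
    public void testMultipleGroupPermissionsOnNode2() throws Exception {
        deny(this.path, this.testGroup.getPrincipal(), this.modPropPrivileges);
        allow(this.path, this.group2.getPrincipal(), this.modPropPrivileges);
        assertTrue(this.testSession.hasPermission(this.path, getActions("set_property", "read")));
        assertTrue(this.testAcMgr.hasPrivileges(this.path, this.modPropPrivileges));
    }

    /**
     * Reordering the two group entries of a policy is expected to flip the result:
     * once the allow for {@code group2} is moved in front of the deny for
     * {@code testGroup}, access is refused.
     */
    @Test
    public void testReorderGroupPermissions() throws Exception {
        deny(this.path, this.testGroup.getPrincipal(), this.modPropPrivileges);
        allow(this.path, this.group2.getPrincipal(), this.modPropPrivileges);

        // Initial order (deny, then allow): access is expected to be granted.
        String actions = getActions("set_property", "read");
        assertTrue(this.testSession.hasPermission(this.path, actions));
        Privilege[] modifyProperties = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertTrue(this.testAcMgr.hasPrivileges(this.path, modifyProperties));

        // Locate the entry to move (group2) and the entry to move it in front of (testGroup).
        AccessControlEntry srcEntry = null;
        AccessControlEntry destEntry = null;
        // Explicit cast: the policy has to be a JackrabbitAccessControlList for orderBefore().
        JackrabbitAccessControlList acl = (JackrabbitAccessControlList) this.acMgr.getPolicies(this.path)[0];
        for (AccessControlEntry entry : acl.getAccessControlEntries()) {
            Principal principal = entry.getPrincipal();
            if (this.testGroup.getPrincipal().equals(principal)) {
                destEntry = entry;
            } else if (this.group2.getPrincipal().equals(principal)) {
                srcEntry = entry;
            }
        }
        // Fail here if either entry is missing, instead of reordering relative to null
        // and leaving the final assertions to fail for an unrelated-looking reason.
        assertTrue(srcEntry != null);
        assertTrue(destEntry != null);

        acl.orderBefore(srcEntry, destEntry);
        this.acMgr.setPolicy(this.path, acl);
        this.superuser.save();
        this.testSession.refresh(false);

        // New order (allow, then deny): access is expected to be refused.
        assertFalse(this.testSession.hasPermission(this.path, actions));
        assertFalse(this.testAcMgr.hasPrivileges(this.path, modifyProperties));
    }

    /**
     * A deny for the user principal is expected to win over group allows, both on
     * the same node and when the group allow is set on a child node.
     */
    @Test
    public void testInheritanceAndMixedUserGroupPermissions() throws Exception {
        allow(this.path, this.testGroup.getPrincipal(), this.modPropPrivileges);
        deny(this.path, this.testUser.getPrincipal(), this.modPropPrivileges);
        assertFalse(this.testAcMgr.hasPrivileges(this.path, this.modPropPrivileges));

        // A further group allow lower in the tree must not lift the user-level deny.
        allow(this.childNPath, this.testGroup.getPrincipal(), this.modPropPrivileges);
        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath, this.modPropPrivileges));
    }

    /**
     * An allow carrying an empty glob restriction is expected to apply to
     * {@code path} only and not to either child path.
     */
    @Test
    public void testCancelInheritanceRestriction() throws Exception {
        allow(this.path, this.repWritePrivileges, createGlobRestriction(""));

        assertTrue(this.testAcMgr.hasPrivileges(this.path, this.repWritePrivileges));
        assertTrue(this.testSession.hasPermission(this.path, "set_property"));

        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath, this.repWritePrivileges));
        assertFalse(this.testSession.hasPermission(this.childNPath, "set_property"));

        assertFalse(this.testAcMgr.hasPrivileges(this.childNPath2, this.repWritePrivileges));
        assertFalse(this.testSession.hasPermission(this.childNPath2, "set_property"));
    }
}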
